Changelog
2024.4
Project Survey History
- Updated the
expand=scan
option to the endpointGET /api/v2/projects/1/survey/history/?include=tags&expand=actor,scan
- The endpoint now returns additional information such as
is_non_native
,repo
, anduser
- The endpoint now returns additional information such as
Team Onboarding
- Added
is_non_native
filter toGET api/v2/team-onboarding/scans/
Library Countermeasures
- Added
last_updated_by__in
filter toGET api/v2/library/tasks/
endpoint. - Added
phase__in
andpriority__in
filters to theGET api/v2/library/tasks/
endpoint. - Added
source
field forintroducing_components
under thereason_for_inclusion
field, to the/api/v2/projects/{project_id}/tasks/
endpoint.
Library Weaknesses
- Added
active
filter toGET /api/v2/library/problems/
endpoint. - Added
cwe__in
filter toGET api/v2/library/problems/
endpoint.
2024.3
Project Diagrams
- Added fields to the endpoint
GET /api/v2/projects/{project_id}/diagram
last_updated
,updated_by
Projects
- Added the Scan expand field to
/api/v2/projects/{project_id}/survey/history/
endpoint.
Library Countermeasure
- Added the following query params for
/api/v2/library/tasks
endpoint. - Added POST, PATCH & DELETE functionality to
/api/v2/library/tasks/
endpoint. - Added POST, PATCH & DELETE functionality to
/api/v2/library/tasks/
endpoint for match conditions. - Added the
active
as a permanent field to the results and deprecated theshow_active
filter, replacing it with a generalactive
filter. - Added
regulation
,regulation__in
, andregulation__isnull
filters toGET api/v2/library/tasks/
endpoint. - Added
type
field, newordering
fields, andtype__in
andphase
filters to the endpointGET /api/v2/library/tasks/
. - Added
last_updated_date_from
,last_updated_date_to
, andlast_updated_by
filters toGET /api/v2/library/tasks/
endpoint. - Added
last_updated_date
, andlast_updated_by
ordering parameters toGET /api/v2/library/tasks/
endpoint. - Updated json response for library tasks list page to include match conditions for the expand param section.
Library Countermeasure Additional Requirements Order
- Added
PATCH /api/v2/library/tasks/{task_id}/amendments/order/
endpoint to allow users to update the order of their Library Countermeasure Additional Requirements.
Library Countermeasure Additional Requirements
- Added
/api/v2/library/tasks/{task_id}/amendments/
endpoint to allow users to create, update, get, and delete their Library Countermeasure Additional Requirements.
Library Countermeasure How-tos
- Added
/api/v2/library/tasks/{task_id}/implementations/
endpoint to allow users to create, update, get, and delete their Library Countermeasure How-tos.
Composite API
- Added new API endpoint which allows users to batch requests.
Library Weaknesses
- Added
active
field for Library Weaknesses on the/api/v2/library/problems/{problem_id}
endpoint. Note: Theactive
field can only be set on a POST or PATCH request if theENABLE_MODIFY_WEAKNESS_ACTIVE_STATUS
flag is enabled. - Added
active
field to Library Weaknessesrelated_tasks
when using therelated_tasks
include filter on the/api/v2/library/problems/{problem_id}
endpoint. - Added ordering for
active
field for Library Weaknesses on theGET api/v2/problems/
endpoint
Project Diagrams
- Removed category from the data of diagram nodes returned by
/api/v2/projects/{project_id}/diagram/
endpoint.
v2024.2
Component Questions
- Added POST & PUT/PATCH functionality to
/api/v2/library/componentquestions/
endpoint.
Projects
- Added new API endpoint to update Project Classification ordinals in bulk.
Countermeasures
Added fields to the endpoint
GET /api/v2/projects/{project_id}/tasks/?include=reason_for_inclusion
implying_answers
,component_reason
,component_explanation
,introducing_components
Bulk Operations
Added new API endpoint to create, update, and delete Projects in bulk.
Project Classifications
- Updated API endpoint:
/api/v2/project-classifications/{id}/
to use id instead of ordinal. - Updated API endpoint:
/api/v2/project-classifications/
to also list Project Classification id. - Updated API endpoint:
/api/v2/projects/{project_id}/survey/draft/
to also list Project Classification id. - Updated API endpoint:
/api/v2/projects/
to also list Project Classification id. - Updated API endpoint:
/api/v2/risk-policies/{risk_policy_id}/
to also list Project Classification id.
Weakness
- Added PATCH functionality for title, text, risk_rating, and cwe fields for weaknesses on the
/api/v2/problems/{problem_id}
endpoint. - Added DELETE functionality to
/api/v2/problems/{problem_id}
endpoint. - Added POST functionality to
/api/v2/problems/
endpoint.
Manage
- Added POST functionality to
/api/v2/project-classifications/
endpoint. - Added new API endpoints to get, create, and delete Auth Integration connections.
- "Survey Comments" has been renamed to "Project Survey Comments" in the guide and navigation menu.
- Added additional project filter to the
/api/v2/team-onboarding/scans/{scan_id}/
endpoint
Project Components
- Added new field
source
Team Onboarding
- Updated existing API endpoints for Team Onboarding Connections to include two new fields (
repo_full_name
andintegration_key
).
v2024.1
Team Onboarding
- Added new API endpoints to get Team Onboarding scans and to start a Team Onboarding scan job.
- Added new API endpoints to get, create, update, and delete Team Onboarding connections.
Library
- Added
parent_answer
field on/api/v2/library/componentquestions/
endpoint. - Added tree depth and path fields to the
/api/v2/library/attributes/
endpoint response. - Added additional filters to the
/api/v2/library/attributes/
endpoint: name, description, parent and depth. Addedexpand
filter for path. - Added Create and Update endpoints to
/api/v2/library/attributes/
- Added Beta notes for
/api/v2/library/componentquestions/
,/api/v2/library/attributes/
, and/api/docs/library-components/
endpoints.
Profiles
- Added ordering for
active
field for profiles on theGET api/v2/profiles/
endpoint - Added the following query params for
/api/v2/profiles/
endpoint.- type__in
- active__in
- Added PATCH functionality for active, answers, default, description, and name fields for custom profiles on the
/api/v2/profiles/{profile_id}
endpoint. - Added DELETE functionality to
/api/v2/profiles/{profile_id}
endpoint. - Added POST functionality to
/api/v2/profiles/
endpoint. - Added readonly
created_by
,created_date
,last_updated_date
, andlast_updated_by
fields
v2023.4
Advanced Reports
- Added new Trend Reporting contexts for
query
field onPOST api/v2/queries/
andPATCH api/v2/queries/{query_id}/
endpoints. - Added
timeDimensions
field to thequery
field onPOST api/v2/queries/
andPATCH api/v2/queries/{query_id}/
endpoints. - Added
type
field onPOST api/v2/queries/
andPATCH api/v2/queries/{query_id}/
endpoints.
Library
- Added the
/api/v2/library/component-icons/
endpoint to provide a list of available icons for Library Components. - Added
icon_slug
andicon_url
fields to the/api/v2/library/components/
endpoint.
v2023.3
General
- Revised terminology to align with industry standards. Problems will now be referred to as Weaknesses, and Tasks will be referred to as Countermeasures.
Automation
- Added
/api/v2/automation/trigger-event/
endpoint to allow users to trigger the automations.
Diagrams
- Deprecated
/api/v2/projects/{project_id}/diagram/
Library
- Added the Library Component Question, and Subquestions when answers are expanded, to the
/api/v2/library/componentquestions/
endpoint.
Library attributes
- Added
Library Attributes
endpoint.
Library components
- Added an expandable
implied_attributes
field in/api/v2/library/components/{component_id}/
and/api/v2/library/components/
endpoints. - Added
component_questions
field in/api/v2/library/components/
endpoint.
v2023.2
Users
- Added
external_id
field in/api/v2/users/
endpoint.
Projects
- Added
external_id
field in/api/v2/projects/
endpoint. - Added
relevant_via_survey
element toGET /api/v2/projects/{project_id}/tasks/
endpoint.
Project Survey History
- Added
answer
expand filter option in the/api/v2/projects/1/survey/history/
endpoint. - Added
visible_only
query parameter - Added
carried_over_history
include parameter to/api/v2/projects/{project_id}/survey/history/
endpoint.
Project Survey Draft
- Added
dirty
field to the/api/v2/projects/{project_id}/survey/draft/
endpoint.
Diagrams
- Updated response to reflect CAM JSON returning from
/api/v2/projects/{project_id}/diagram/
instead of Cytoscape JSON.
v2023.1
Library components
- Added
type
field in/api/v2/library/components/{component_id}/
and/api/v2/library/components/
endpoints. - Updated default ordering for library components in
/api/v2/library/components/
to be bytitle
as opposed toid
previously. - Updated
PUT/PATCH /api/v2/library/components/{component_id}/
endpoint to allow updating Built-in Component fields other thanhidden
. - Added
hidden
filter param to/api/v2/library/components/
endpoint. - Added search by title capability to
/api/v2/library/components/
endpoint.
SSO
- Added
/api/v2/sso/
endpoint to allow users to get and update their SSO type. - Added GET method for
/api/v2/sso/saml/
api endpoint to configure SAML settings on the SSOSettings model - Added
/api/v2/sso/saml/role-mappings/
endpoint to allow users to create, update, get, and delete their SAML Role Mappings. - Added
/api/v2/sso/saml/group-mappings/
endpoint to allow users to create, update, get, and delete their SAML Group Mappings.
v2022.4
- Updated
answer_mapping
field in/api/v2/library/components/{component_id}/
and/api/v2/library/components/
endpoints. - Updated is_active field for
GET /api/v2/library/answers/
andGET /api/v2/library/answers/{answer_id}/
- Added the Project Threats
/api/v2/projects/{project_id}/threats/
endpoint. - Added the
/api/v2/connectors/analysis/{id}/mapping/
endpoint to allow uploading Custom Countermeasure Mappings for Verification Connectors. - Added
GET /api/v2/plugins/analysis/{plugin_id}/mapping
endpoint. - Added the Connected Component
/api/v2/projects/{project_id}/connected-component/
endpoint. - Added the
connected_components
field to the/api/v2/projects/
and/api/v2/projects/{project_id}/
endpoints. This is connected to the component generated by the project, if any. It isnull
when there's no connected component, andcomponent_id
when a connected component has been created. - Added
schemas
field to query parameter in the/queries/{query_id}/
endpoint. - Added PATCH functionality to
/api/v2/library/answers/{answer_id}/
endpoint for the is_active field. - Moved the
threats_count
field under/api/v2/projects/
endpoint to the Project Threats endpoint, and renamed it tototal_threats_count
. - Renamed the
weaknesses
field on the Library Threats endpoint toproblems
. - System administrators have access to
/api/v2/sso/saml/
and/api/v2/sso/
v2022.3
- Updated documentation for
GET /api/v2/flags/
about the changes to its permission. - Added
/api/v2/projects/{project_id}/survey/comments-details/
endpoint. - Added
/dashboards/{dashboard_id}/
endpoint. - Added
/dashboards/{dashboard_id}/preferences/
endpoint - Added
/dashboards/default/
endpoint. - Added
threats_count
field under/api/v2/projects/
endpoint andthreats_count
under/api/v2/projects/{project_id}/components/
endpoint - Added the
/api/v2/library/capecs/
endpoint to return all active Library CAPECs. - Updated
pinned_survey_comments_retention
entry in the Fields table to accept one of the following string values NO_COMMENTS, REQUIRED, ALL_PINNED. - Added a
comment_required
field to questions and subquestions in theProject Survey Draft
endpoint when including asurvey
section. - Added the Library Threats
/api/v2/library/threats
endpoint.
v2022.2
- Added
url
field underreason_for_inclusion
field of/api/v2/projects/{project_id}/tasks/
endpoint. - Added the
/api/v2/flags/
API for toggling product features. - Added
/queries/{query_id}/
endpoint. - Added CubeAPI documentation for Advanced Reporting.
- Added
/api/v2/projects/{project_id}/diagram/
endpoint.
v5.20
- Added
Library Components
,Project Component
,Component Task Status Mappings
andProject Component Updates
endpoints.
v5.19
Added the backup restore API.
v5.18
- Added
reason_for_inclusion
include parameter to/api/v2/projects/{project_id}/tasks/
endpoint.
v5.17
- Added a
pinned_survey_comments_retention
entry to the Fields table for creating new Project Releases.
v5.14
- Added
task_ids
optional payload field to/api/v2/projects/{project_id}/task-updates/
endpoint.
v5.13
- Added
project_locked
field toproject/{project-id}
endpoint. Note: Theproject_locked
field can only be edited if theENABLE_PROJECT_LOCKING
flag is enabled.
v5.12
- Added
tasks_count
filter param toproject/{project-id}/problems/
endpoint. - Added missing
slug
field tobusiness_unit
query parameters. - Added Project Specific Problems carryover fields to Releases endpoint.
- Added
project/{project-id}/survey/comments/
endpoint.
v5.11
- Added
release_project
field toprojects
endpoint.
v5.10
- Fixed examples in the Applications endpoints to have
business_unit
match the actual API behavior.
v5.9
- Added a
source
filter to Project Problems endpoint. - Added endpoints to POST (create), PATCH (update), and DELETE (delete) project specific Problems.
- Added
project_specific
to output of all Project Problem endpoint responses
- Added
- Added
library/cwes
endpoint for listing and retrieving active CWEs - Added
problem
field to the Tasks endpoint for changing the Problem of a project specific Task- Added
problem
to output of all Task endpoint responses - Added expand parameter
expand=problem
to Task endpoints
- Added
v5.8
- Added new filters for Project Problem Tasks
- Added
db_id field
to Library content API endpoints:- Library Tasks (api/v2/library/tasks/)
- Answers (api/v2/library/answers/)
- Library Problems (api/v2/library/problems/)
- Phases (api/v2/phases)
v5.7
- Added
created
andlast_updated
fields to risk factors. - Updated Project Problems and Project Problem Tasks endpoint URLs with new
problem_id
format. - Removed the
related_tasks
include parameter from the Project Problems endpoint.
v5.6
- Updated
description
expand parameter for Tasks endpoint totext
- Added endpoint for Project Problems.
- Added endpoint for associated Tasks of Project Problems.
- Moved Answers section to Library Answers for consistency.
- Added
project/{project-id}/survey/history
endpoint for listing project survey changes.
v5.5
- Added
risk-factors
endpoint. - Added
factor_expression
field to project classifications endpoint. - Added
requires_comment
field to task statuses
v5.4
- Updated documented Library Problems endpoints.
v5.3
- Added endpoints for Events and Actions in Automation.
- Added active field to Profile resources in
/profiles/
endpoint. - Added active field to nested profile field within project resources
v5.2
- Added
library/content-pack
endpoint for Library Content Packs. - Added
automation/event-filters
endpoint - Added
automation/events
endpoint - Added
automation/actions
endpoint
v5.1
- Add
is_unclassified
field to Project Classifications. - Add
unclassified
include parameter to Project Classifications. - LDAP Connections:
- Removed
ldap_start_tls
field - Added
ldap_method
field.- The accepted
ldap_method
value that replacesldap_start_tls
isldap_tls
.
- The accepted
- Removed
v5.0
- Added
verification_categories
to connector/connection endpoints. - Added
answers
endpoint. - Added
project-classifications
endpoint for Project Classifications. - Added read-only
project_classification
field to Projects endpoint. - Added read-only
project_classifications
field to Risk Policies. - Added
project_classification
field to Project Survey Draft endpoint. - Added
matched_classification_answers
field to Project Survey Draft endpoint.
v4.23
- Added
group-mappings
endpoint for LDAP connection.
v4.22
- Added
answers
anddeselect_answers
to Project and Release endpoint.- Ability to select and deselect survey answers when creating a new project or release.
- Added missing documentation for the
carryover_project_specific_tasks
field in the Create a Release endpoint.- Determines whether to retain project specific tasks in a new release.
v4.21
- Added
facets
parameter to Tasks endpoint.- Tasks endpoint now performs basic faceting to show task counts by phase.
- Added Remote Integration Agent endpoint.
v4.20
- Added Task Note examples for POST (create) and PATCH (update).
v4.19
- Added Project Analysis file upload endpoint.
v4.18
- Added Compliance Regulations endpoint.
- Added Verification Status endpoint.
- Updated Risk Policy endpoint.
- Added
conditions.statuses
field. - Merged existing
conditions.task_statuses
field intoconditions.statuses
. filters.regulations
now returns item IDs instead of a slug.
- Added
- Tasks without a verification status will now display the value
"none"
instead ofnone
in theverification_status
field.
v4.17
- Added
alm_auth_mode
andanalysis_auth_mode
to ALM and Verification Connection params.- Supported values are
basic
orapi_token
.
- Supported values are
- Added
api_token
as an additional authentication mode for CA Agile Central. - Added custom lookup filtering to the name field in the
activities
andproject-activities
endpoint. - Added regulations field to the Risk Policy endpoint.
- Removed filtering of risk policies by phases, tags, task_statuses
- Added combined jobs (ALM/Analysis/LDAP) endpoint
- Added
project
filter to the Verification Connections endpoint
v4.16
- Added
is_file_upload
field for Verification connections. - Added filtering to Analysis Plugins endpoint:
- Can now filter by
is_file_upload
.
- Can now filter by
v4.15
- Added Analysis Plugins endpoint.
v4.14
- Added
archived
field to theparent
field of Projects and Releases endpoints:- The
url
field on the Project resource and on theparent
field will now return a null value if it is meaningless (i.e. archived projects don't have valid urls).
- The
- Added
risk_relevant
filter to Tasks endpoint. - Added
status_note
field to Tasks endpoint. Allows a note to be added when changing the status of a Task. - Added
hidden
include parameter to Project Survey endpoint. Allows hidden answers and questions to be displayed.
v4.13
- Added
key_hint_text
andvalue_hint_text
to alm-plugins to provide more details when labelling JSON fields. - Added
risk_rating
field to expanded problem field in Library and Project Tasks. - Added
became_relevant
field to Tasks. - Added
last_note
andlast_verification
include filters to Tasks. - Added
application
expand filter to Projects.
v4.12
- Added writable project-level tagging to Tasks.
- Task tags can be expanded into library-level & project-level tags.
- Added Risk Policy endpoint.
- Updated Business Units/Applications/Projects endpoints with risk policy fields.
- Added
debug_mode
field to Verification Connections and ALM Connections. - Removed redundancy of nesting the survey twice on the project survey endpoint.
- Added profile_draft, survey_complete and survey_dirty fields to projects endpoint.
v4.11
- Dropped references to PUT in the docs, to encourage the use of PATCH.
- Updated the structure of the filters field in the report-settings endpoint.
- Added search capabilities to phases endpoint.
- Added documentation for Project Release endpoint (previously undocumented).
- Added test endpoints for connectors and connections.
v4.10
- Added support for creation and deletion of manually added library tasks to Tasks endpoint:
- Added
manually_added_from_library
field to Task resources. - Added
manually_added_from_library
field to Assigned Task. - The
ad_hoc
field has been renamed toproject_specific
.
- Added
v4.9
- Added
tags
to the Application endpoint. - Added
application_tags
to Project endpoint. - Changed
related_tasks
to include the title, phase, and url of each related task in the Tasks and specific Task endpoints. - Changed
notify_tasks
attribute of UserProfile to include id, name. - Changed
updater
field to be expanded by default in Task Notes endpoint.
v4.8
- Renamed
base
tobase_project
for the Project endpoint. - Added incomplete_tasks include filter and redesign task_counts include filter on projects endpoint.
- Removed
business_unit
as expand filter. - Expanded instances of
business_unit
inapplications
by default. - Added ALM plugins endpoint, which returns metadata for each ALM integration. Used to render ALM forms.
- Added params field to connector endpoint & make connector endpoint writeable.
v4.7
- Added
base
(original project that spawned any number of new releases) to the Project endpoint. (Note: this field will be renamed tobase_project
in v4.8.)
v4.6
- Added
persist_phases
to Business Unit endpoint. - Added
updater
andupdated
fields to Analysis Note endpoint. - Renamed ldap group query field to group base dn.
- Original SDE phases can now be edited via the API.
v4.5
- Phases can be created, edited, or deleted.
- Changed the value of user to email instead of id, since we filter users by email.
- Password can be changed, password metadata retrieved on GET (session / basic authentication only).
- Password reset questions can be created, edited, or deleted.
- API tokens can be generated, revoked or regenerated.
- Email notification settings can be updated.
- Group endpoint now has sync_connections include filter to fetch LDAP connections that reference groups.
- Group can no longer be deleted if referenced by LDAP connection.
- User Profile can be retrieved or updated via
/users/me/
. - LDAP Connections:
- Added
ldap_start_tls
. - Removed
ldap_method
. - Renamed deactivation to
deactivate_stale_users
. - Change group_mapping to use SDE group ids instead of group names.
- Added
v4.4
- Added include field
last_job
for connections returned by the ALM, Analysis and LDAP Connection endpoints. - Added
updater
field tasks returned from thetasks
endpoint. - Added documentation for LDAP connections and jobs.
- LDAP Connections can be created, edited, or deleted.
- LDAP Jobs can be initiated or the results may be submitted.
- Global Roles can be deleted.
- Projects endpoint now has include parameter to get the completion data by phases.
- Added Project Activity endpoint.
- Add is_creator to users in Projects endpoint.
v4.3
- Initiate a password reset via the API (session / basic authentication only).
- Global roles can be created, edited, or deleted.
v4.2
- Added documentation for session and basic authentication.
- Business Units, Groups, and Tasks includes the role of the users the resource returns.
- Included the first name, last name for the users returned by the tasks endpoint.
- ALM and Verification Connections include whether they are accessible or not, and the id of their parent Connector.
- ALM and Verification Connections can be created, edited, or deleted.
- ALM sync jobs can be initiated by POSTing to the alm jobs endpoint.
- Analysis import jobs can be initiated by POSTing to the analysis jobs endpoint.
- Project Role can be ordered and searched for by name.
- (Customer created) Project Roles can be deleted.
- Users endpoint returns if a password reset is in progress.
v4.1, v4.0, v3.9, etc.
- The dark times where we had no change log.